oid_section = xca_oids

[ xca_oids ]
dom = 1.3.6.1.4.1.311.20.2
MsCaV = 1.3.6.1.4.1.311.21.1
msEFSFR = 1.3.6.1.4.1.311.10.3.4.1
iKEIntermediate = 1.3.6.1.5.5.8.2.2
nameDistinguisher = 0.2.262.1.10.7.20
id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13
id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14

[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = xca_dn
x509_extensions = xca_extensions
req_extensions = xca_extensions
string_mask = MASK:0x2002
utf8 = yes
prompt = no

[ xca_dn ]
0.OU=Copyright (c) 1999 Microsoft Corp.
1.CN=Microsoft Test Root Authority
2.OU=Microsoft Corporation

[ xca_extensions ]
certificatePolicies=ia5org,@certpol0_sect
authorityKeyIdentifier=keyid
subjectKeyIdentifier=hash
basicConstraints=critical,CA:TRUE

[certpol0_sect]
policyIdentifier=1.3.6.1.4.1.311.10.3.5
userNotice.0=@certpol0_sect_notice0_sect

[certpol0_sect_notice0_sect]
explicitText=This certificate is used to sign untested drivers that have not passed the Windows Hardware Quality Labs (WHQL) testing process.  This certificate and drivers signed with this certificate are intended for use in test environments only, and are not intended for use in any other context.  Vendors who distribute this certificate or drivers signed with this certificate outside a test environment may be in violation of their driver signing agreement.  Vendors who have their drivers signed with this certificate do so at their own risk.  In particular, Microsoft assumes no liability for any damages that may result from the distribution of this certificate or drivers signed with this certificate outside the test environment described in a vendors driver signing agreement.

[ ca ]
default_ca = testroot

[ testroot ]
dir = testroot
certs = $dir
new_certs_dir = $dir/testroot.db.certs
database = $dir/testroot.db.index
serial = $dir/testroot.db.serial
RANDFILE = $dir/testroot.db.rand
certificate = $dir/testroot.pem
private_key = $dir/testroot.key
default_days = 3650
default_crl_days = 30
default_md = md5
preserve = no
policy = generic_policy

[ generic_policy ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional